Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

ELIMINAZIONE VIRUS .EXE

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

ELIMINAZIONE VIRUS .EXE

Postdi zizigno » 03/05/06 23:06

CIAO A TUTTI
PENSO DI AVERE QUALCHE VIRUS .EXE CHE CONTINUAMENTE GIRA SUL TASK MANAGER.
PURTROPPO NON MI RIESCE LEGGERE I LOG DI HIJACK,QUINDI MI METTO NELLE VOSTRE MANI!!!!
GRAZIE MILLE

CIAO LUCA

Logfile of HijackThis v1.99.1
Scan saved at 23.48.49, on 03/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\atiptaxx.exe
C:\Programmi\corega\WLUSB2GTST\WLANmon.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\windows\mousepad10.exe
C:\WINNT\WNSXS~1\fast.exe
C:\Documents and Settings\paolo\Dati applicazioni\??sembly\?ervices.exe
C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\WINNT\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {5565C1C9-7151-5881-7C82-57879AF4B9E9} - C:\WINNT\system32\mvn.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5565C1C9-7151-5881-7C82-57879AF4B9E9} - C:\WINNT\system32\mvn.dll
O2 - BHO: (no name) - {69C22953-92C0-B44E-E439-B9196308D5EE} - C:\WINNT\system32\wlfa.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [corega K.K. CG-WLUSB2GTST] C:\Programmi\corega\WLUSB2GTST\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AtiPanel] C:\WINNT\atip.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname10.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [Asas] "C:\WINNT\WNSXS~1\fast.exe" -vt yazr
O4 - HKCU\..\Run: [Pbvj] C:\Documents and Settings\paolo\Dati applicazioni\??sembly\?ervices.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmaste ... ad618a.exe
O16 - DPF: {FBFF6F10-A2FC-9544-745F-A1F75A0501AE} - http://www.italian-toplist.com/cart/gs/gsa_0097.exe
O16 - DPF: {FBFF6F10-ABCD-9544-832F-A1F75A0501AE} - http://www.ricerchiamo.net/cart/x/gsa_0078.exe
O20 - Winlogon Notify: ShellCompatibility - C:\WINNT\system32\dHdpmesh.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
zizigno
Utente Junior
 
Post: 14
Iscritto il: 19/04/06 14:27

Sponsor
 

Postdi Luke57 » 04/05/06 07:59

Ciao, hai diversa roba, sembra tra le varie anche un’infezione o residuo di Look2me.
Intanto scarica Cwshredder da qui:
http://www.trendmicro.com/ftp/products/ ... redder.exe
e mettilo sul desktop
Apri hiajckthis, premi “open the misc tools section”, “Open process manager”, individui ed evidenzi questi processi ( se non ci sono non importa):
C:\windows\mousepad10.exe
C:\Documents and Settings\paolo\Dati applicazioni\??sembly\?ervices.exe
Premi kill process
Torni al menu principale con back, premi “scan”, cerchi e spunti le seguenti voci:
C:\Documents and Settings\paolo\Dati applicazioni\??sembly\?ervices.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {5565C1C9-7151-5881-7C82-57879AF4B9E9} - C:\WINNT\system32\mvn.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5565C1C9-7151-5881-7C82-57879AF4B9E9} - C:\WINNT\system32\mvn.dll
O2 - BHO: (no name) - {69C22953-92C0-B44E-E439-B9196308D5EE} - C:\WINNT\system32\wlfa.dll (file missing)
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard10.exe
O4 - HKLM\..\Run: [AtiPanel] C:\WINNT\atip.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname10.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKCU\..\Run: [Asas] "C:\WINNT\WNSXS~1\fast.exe" -vt yazr
O4 - HKCU\..\Run: [Pbvj] C:\Documents and Settings\paolo\Dati applicazioni\??sembly\?ervices.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmaste ... ad618a.exe
O20 - Winlogon Notify: ShellCompatibility - C:\WINNT\system32\dHdpmesh.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
Premi fix checked
Riavvii in modalità provvisoria
( Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
Rendi visibili file e cartelle nascosti (vai in start>impostazioni>pannello di controllo>opzioni cartella, e clicca su "visualizzazione". Seleziona "visualizza file e cartelle nascosti", e deseleziona "nascondi file protetti e di sistema". Clicca su OK.
Esegui CWShredder.exe (premendo fix e non scan only)
Cerca ed elimina i seguenti file ( se ci sono):
C:\windows\mousepad10.exe
C:\Documents and Settings\paolo\Dati applicazioni\??sembly\?ervices.exe---- > tutta la cartella
C:\WINNT\system32\mvn.dll
C:\WINNT\system32\wlfa.dll
c:\windows\keyboard10.exe
c:\windows\newname10.exe
C:\Programmi\webHancer\Programs\whsurvey.exe----- > tutta la cartella webHancer
"C:\WINNT\WNSXS~1\fast.exe" -vt yazr
C:\WINNT\system32\dHdpmesh.dll
C:\Programmi\Network Monitor\netmon.exe
Poi elimina tutti i file temporanei di windows (temp e tmp, (fai così start>cerca>tutti i file e cartelle, nello spazio bianco “nome del file o parte del nome” copi : *.temp; *.tmp ed elimini tutti quelli trovati), cancelli tutti i file temporanei di IE, cronologia, cookies,
svuoti il cestino.
Da pannello di controllo, installazioni\applicazioni, cerchi ed elimini tutti i programmi che non hai installato tu.
Fai una scansione on line qui:
http://www.bitdefender.com/scan8/ie.html
Posta un nuovo log di hijackthis
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi zizigno » 04/05/06 23:11

ciao luke

ho fatto tutto come da copione.
bitdefender ha trovato alcuni virus e li ha eliminati.
questo e' il nuovo log di hijack

Logfile of HijackThis v1.99.1
Scan saved at 0.13.54, on 05/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\atiptaxx.exe
C:\Programmi\corega\WLUSB2GTST\WLANmon.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\WINNT\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [corega K.K. CG-WLUSB2GTST] C:\Programmi\corega\WLUSB2GTST\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {FBFF6F10-A2FC-9544-745F-A1F75A0501AE} - http://www.italian-toplist.com/cart/gs/gsa_0097.exe
O16 - DPF: {FBFF6F10-ABCD-9544-832F-A1F75A0501AE} - http://www.ricerchiamo.net/cart/x/gsa_0078.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

grazie

ciao luca
zizigno
Utente Junior
 
Post: 14
Iscritto il: 19/04/06 14:27

Postdi Luke57 » 05/05/06 08:53

Ciao, mi sembra a posto complimenti ;) , verifica se quei due 016 (top list e ricerchiamo) li hai messi consapevolmente, altrimenti eliminali con hijackthis.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi zizigno » 05/05/06 23:54

grazie tanto luke per l'aiuto e beati voi che sapete leggere i log di hijack!!!

un saluto luca
zizigno
Utente Junior
 
Post: 14
Iscritto il: 19/04/06 14:27


Torna a Sicurezza e Privacy


Topic correlati a "ELIMINAZIONE VIRUS .EXE":


Chi c’è in linea

Visitano il forum: Nessuno e 8 ospiti